VIRUS-L Digest Thursday, 30 Mar 1989 Volume 2 : Issue 77 Today's Topics: several reports available via anonymous FTP Anti viral software and known viruses Arcmaster: here is the explanation (PC) --------------------------------------------------------------------------- Date: Thu, 30 Mar 89 09:02:38 EST From: luken@ubu.cc.lehigh.edu (Kenneth R. van Wyk) Subject: several reports available via anonymous FTP Over the last couple of weeks, I've received several technical reports from various people. I'd like to announce their availability. Currently, they're only available via anonymous FTP from lll-winken.llnl.gov, but I hope to have them on our LISTSERV shortly, for BITNET users (FTP is for Internet users only). Available are: Coping With Computer Viruses and Related Problems by David M. Chess and Steve R. White IBM T.J. Watson Research Center filename: ibm.paper Net Hormones: Part 1 Infection Control Assuming Cooperation Among Computers by David S. Stodolsky, PhD. filename: net.hormones Virus 101 - Chapters 1,2,3 (would someone please send me chapter 4?) by George Woodside filenames: virus101.1, virus101.2, virus101.3 These files are all in the ~ftp/virus-l/docs directory on lll-winken.llnl.gov. Special thanks to all those who worked on these documents! Your efforts are *greatly* appreciated! Enjoy, Ken ------------------------------ Date: Thu, 30 Mar 89 16:22:41 BST From: David.J.Ferbrache Subject: Anti viral software and known viruses A quick request, as you may know Jim Wright's in the process of trying to establish a network of co-operating server sites each of which are prepared to create a directory of anti-viral software for one or machine types. Each server site would then share anti-viral software, with regular notices of newly available software, index lists and note of the methods of obtaining software being published on the virus lists, and probably on the comp.sys groups. Anyhow, now the request, I would be very grateful for details of where the following anti-viral programs can be obtained, preferably from an email based server :- IBM PC Cop command obfuscation processor Ice intrusion countermeasure electronics (Cyberpunk anyone?) Ifcrc CRC checker Novirus file size monitor Trojan stop disk request interceptor Xficheck crc and file attribute checker MAC Agar petri dish for viruses Nomad, nVIR weapons, nVIR assassin Amiga clkdoctor, killvirus, sentry, viewboot, protection, tcell I will be publishing a list of known viruses in mid-April together with reviews of known protective software, the provisional virus list now includes 11 IBM PC reported strains: Lehigh (2 variants), Brain (alias: Lahore, Pakastani; numerous variants), Italian (alias: Bouncing Ball, Ping Pong), Yale (relationship with Alameda virus to be established) Alameda (alias: Merritt) Austrian (alias: 648, Vienna), New Zealand (alias: Stoned), Cascade(alias: second austrian, blackjack, 1701, 1704), Friday 13th (alias: 1808, 1813, 1792, Israeli, Hebrew University, PLO, sUMsDos; also the sURIV 3.01 variant) April 1st (2 strains sURIV 1.01, sURIV 2.01) Dbase (based on Ross's recent report, awaiting confirmation) Hmm, two basic viruses appearing in Computer viruses: a high tech disease, plus two other viruses developed as personal projects by various people and never release (thank goodness!). For the Mac, 7 strains: MacMag (alias: Peace, Drew), nVIR (4 variants: nVIR A, nVIR B, Hpat and AIDS) Scores (alias: Vult), INIT 29, Anti, 2 hypertext viruses: Dukakis, Hypertext avenger (Don't know much about this, only going by one of Alan Solomon's papers) For the Amiga, 9 strains (including a few anti-virus viruses): Swiss crackers association, IRQ, Byte Bandit, Byte Warrior, Revenge, Obelisk softworks crew, [ North Star, Pentagon Circle, SystemZ - anti-viruses] For the Atari ST, 11 strains (including 1 anti-virus virus): info mainly from George Woodside's virus killer program, Anti, Blot, Freeze, Mad, Screen, Key, ACA, Anti, Mouse inverter and from the Virus destruction utility: Milzbrand link virus also known to exist a family of viruses produced by the Virus construction set available at a recent German computer fair. For the Atari 8 bit series: 1 alleged virus (no details as of yet) For the Apple II system, 4 strains: Elk cloner, festering hate, Cyberaids and Zlink For a grand total of 44 discernable strains which are (or in some extinct cases wer)e in circulation, I guess with about 57 if you count variants as separate viruses. A list of this kind by its very nature cannot be comprehensive, but I would be exceptionally grateful for information on any viruses which do not appear on the above list, and on any aliases you use for the above viruses which I have not cited. And PLEASE, PLEASE how about some consensus regarding the terms used to name viruses (especially IBM PC), the proliferation of aliases does no-one any good and just serves to muddy the water. So far we have named viruses by characteristic growth in file length, transient memory usage, strings found in code, originating country, major infections, resources added, obvious screen symptoms, oh and alleged writer! Oh, thanks to Y.Radai for the corrections on my report about the April 1st strains. Hopefully, it won't be quite as prolific as the Friday 13th. It is my intention to disassemble a number of the more common viral strains in the near furture to cross-check the reports published on virus-l, comp.sys groups et al. The next list will include a classification of each virus by its mode of operation, brief description of symptoms and available disinfection software. Anyone else compiling a similar list please get in touch so we can arrange to pool information, any reports of infections by viruses not appearing on the above list would be of particular interest. PS.Any more news about the so called Russian virus? - ------------------------------------------------------------------------------ - Dave Ferbrache Personal mail to: Dept of computer science Internet Heriot-Watt University Janet 79 Grassmarket UUCP ..!mcvax!hwcs!davidf Edinburgh,UK. EH1 2HJ Tel (UK) 031-225-6465 ext 553 ------------------------------ Date: Thu, 30 Mar 89 11:50:24 EST From: msmith@topaz.rutgers.edu Subject: Arcmaster: here is the explanation (PC) Original-From: felstein@mcnc.org (Bruce M. Felstein) Original-Subject: Re: Virus warning The supposed bugs in ARCMASTER version 4xx and higher do not exist. If people would bother to read the doc files they would have learned that the directory that you specify for it to use to unarc and arc files to MUST be a special blank directory, since it will erase the entire contents of the directory after it finishes rearchiving the file. If you didn't bother to read the docs you might specify your root directory to use for this function and after ARCMASTER was done, it would automatically erase all files in that directory. Bruce Felstein Microelectronic Center of NC N3DOD Research Triangle Park, NC felstein@mcnc.org ------------------------------ End of VIRUS-L Digest ********************* Downloaded From P-80 International Information Systems 304-744-2253